Malicious adware downloaded over 1.5 million times in Google Play store

Share

Written by

The Google Play Store is like the world’s busiest mall. It’s packed with 2 billion active monthly users, 3.5 million apps, plenty of businesspeople and a long line of con artists too.

Disclosed this week, new malicious adware dubbed LightsOut was downloaded over 1.5 million times in the Google Play Store, used to generate illegal ad revenue for its creators.

Researchers at the cybersecurity firm Check Point Technologies detected the malware and Google has since removed the app. When asked who is responsible, Check Point researchers told CyberScoop that they “do not know.”

Hiding in 22 flashlight and utility apps, LightsOut’s goal was to pummel users with ads at all times even when people tried to disable them. Hardly a subtle approach, removing the app is difficult because LightsOut hides the app’s icon in attempt to elude victims.

Google is pouring significant resources into changing the way malware is detected on Android. As of last year, machine learning does the lion’s share of detection. That may be a start but Android Play Protect, the mobile operating system’s security system, recently finished last in tests against two-dozen antivirus competitors.

As for LightsOut, even purchasing ad-free versions of the malicious apps effectively did nothing except give the attackers extra cash. Some users reported being forced to press on ads to answer calls on their phone, connect to Wi-Fi, plug into a charger or perform other basic functions.

“Despite the vast investment Google has recently made in the security of their App Store, ‘LightsOut’ reminds us once again that users need to be wary of downloading from App Stores and are advised to have a ‘Plan B’ in the form of an advanced mobile threat defense solution that goes beyond anti-virus,” Check Point’s researchers write. “Many users are still unaware of the dangers lurking for them, and continue to install apps such as fishy flashlights.”